• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0785
Best Online News Portal Project
Best_online_news_portal
2023-02-21
N/A
5.3 MEDIUM
A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability.
CVE-2023-0784
Best Online News Portal Project
Best_online_news_portal
2023-02-22
N/A
9.8 CRITICAL
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220644.
CVE-2023-0783
Shopex
Ecshop
2023-02-21
N/A
9.8 CRITICAL
A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability.
CVE-2023-0782
Tenda
N301_firmware, N301, Ac15_firmware, Ac15, 11n, 11n_firmware, 4g300, 4g300_firmware, A15, A15_firmware
2023-02-22
N/A
9.8 CRITICAL
A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640.
CVE-2023-0781
Canteen Management System Project
Canteen_management_system
2023-02-21
N/A
9.8 CRITICAL
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624.
CVE-2023-0780
Agentejo, Cockpit
Cockpit
2023-02-22
N/A
5.4 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.
CVE-2023-0777
Modoboa
Modoboa-dmarc
2023-02-17
N/A
9.8 CRITICAL
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
CVE-2023-0776
Baicells
Eg7035-m11, Eg7035-m11_firmware, Neutrino_430, Neutrino_430_firmware, Nova227, Nova233, Nova243, Nova246, Nova430e, Nova430e_firmware
2023-02-13
N/A
10 CRITICAL
Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.
CVE-2023-0774
Medical Certificate Generator App Project
Medical_certificate_generator_app
2023-02-16
N/A
9.8 CRITICAL
A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220558 is the identifier assigned to this vulnerability.
CVE-2023-0771
Ampache
2023-02-16
N/A
8.8 HIGH
SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop.
« Previous 1 … 11,213 11,214 11,215 11,216 11,217 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE